First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Privacy Compliance and Management

Lawyers need to keep up with AI

For decades, novelists, scientists, mathematicians, futurists and science fiction enthusiasts have imagined what an automated society might look like. Artificial intelligence, or AI, is rapidly evolving, and the society we could only once imagine may be on the brink of becoming our new reality.

 

, , , , , , ,

Can marketing and compliance share a playbook?

I recently read an article in the Winter 2017 MIT Sloan Management Review, Mastering the Market Intelligence Challenge (Chari, Luce & Thukral). In this work, the authors address how “many multinationals simply import their domestic models into emerging markets.” And whilst this work is directed towards those who deal with market intelligence in emerging markets, the conclusions drawn are equally applicable to those who face compliance challenges in such frontier regions.

 

, , , , , , , , , ,

Cybersecurity in a post-Ashley Madison world

In a recent key finding, PIPEDA Report of Findings #2016-005 – Joint investigation of Ashley Madison, the Office of the Privacy Commissioner of Canada provided crucial guidance to organizations in relation to information protection and cybersecurity.

 

, , , , , , , , , ,

Defending a lawsuit is not a “commercial activity” under privacy legislation

In a case dating back to 2016 but just recently published, the Office of the Privacy Commissioner of Canada has ruled that the collection and use of a plaintiff’s personal information for the purpose of defending against a civil lawsuit is not a “commercial activity” and, as such, the Personal Information Protection and Electronic Documents Act does not apply.

 

, , , ,

Former employee steals personal information to purchase smart phones

The Office of the Information and Privacy Commissioner of Alberta has required a payment processing organization to notify individuals pursuant to section 37.1 of the province’s Personal Information Protection Act because there was a real risk of significant harm to those individuals affected by an incident that involved unauthorized access and theft of information of 60 Alberta residents.

 

, , , ,

Lenovo and Superfish: Proposed class action proceeds on privacy tort and statutes

It has been reported that a partial settlement may have been reached with Superfish, in a U.S. class action against both defendants. The settlement reportedly includes Superfish’s cooperation with the plaintiffs by disclosing over 2.8 million additional files and providing Superfish witnesses for a potential trial. The Canadian proposed class action is very much in its infancy. It remains to be seen how the class action will evolve in Canada.

 

, , , , , , ,

Canadian government suspends CASL private right of action

The Canadian federal government has announced that it has suspended the coming into force of the private right of action under Canada’s anti-spam legislation (CASL), originally scheduled to come into force on July 1, 2017.

 

, , , , , , , ,

CASL’s soon-to-be-enacted private right of action brings risk of class proceedings

On July 1, 2017, the private right of action under Canada’s Anti-Spam Legislation (CASL) will come into force.

 

, , , ,

Don’t outsmart yourself: AI and compliance

I’m a big fan of artificial intelligence. The older I get, the more I appreciate that real intelligence needs all the help it can get. Corporate ethics and compliance officers, however, need to pause before betting big on AI as a solution to all our needs.

 

, , , , ,

The current state of risk oversight: Useful or useless?

All the surveys, including this one, report that executives do not believe risk management practices at their organization are making a significant contribution to the development and execution of their strategies.

 

, , , , , , ,

CASL’s private right of action for Competition Act reviewable conduct

While much has been written about the impending CASL private rights of action, less has been said about the new private right of action CASL will tack on to the Competition Act for misrepresentations in electronic messages.

 

, , ,

Ontario court decides ground-breaking online copyright case

Trader Corp v CarGurus Inc, a recent Ontario Superior Court decision, breaks a staggering amount of new ground in Canadian copyright law.

 

, ,

Real answers to common questions on cybersecurity

Every day there is something in the news about organizations generally of all different sizes that have been breached and have had to deal with the impact of the loss, compromise or destruction of data. Making key decision-makers aware of the general threat landscape is helpful, but more helpful is making them aware of the threat landscape specific to your organization.

 

, , , , , , ,

Cyber and reputation risk are dominoes

As I was reading the book, I realized that I have a problem with organizations placing separate attention to reputation risk and its management. It’s simply an element, which should not be overlooked, in how any organization manages risk – or, I should say, how it considers what might happen in its decision-making activities.

 

, , , , ,

Cyberbullying and revenge porn: An update on Canadian law

The current nature of social media and, more broadly, the Digital Age, continues to create challenges for legislators and law enforcement officials alike. One such challenge arises in the cyberbullying context, where intimate (or otherwise private) images are uploaded to the Internet. These files can be copied, forwarded and shared instantaneously, making them seemingly impossible to delete retrospectively. There have been developments in both common law in statute.

 

, , , , , , , , , ,

Previous Posts Next posts